Connect with us

Hi, what are you looking for?


Endpoint Security

Office 2013 Gets Macro-Blocking Feature

Microsoft this week announced boosted customer security with a new feature in Office 2013: the ability to block risky macros.

Microsoft this week announced boosted customer security with a new feature in Office 2013: the ability to block risky macros.

The new functionality is Microsoft’s response to the growing trend of macro-abusing malware assaulting users worldwide and is meant to render corporate networks safer from such threats. Enterprise administrators can now block Office 2013 users from running macros in documents that originated from the Internet.

Earlier this year, the Redmond-based tech giant introduced the functionality in Office 2016 to prevent malicious macros from compromising computers in specific scenarios, and now it made it available for more of its customers.

The same as in Office 2016, enterprise admins can enable the option for Word, Excel, and PowerPoint. Control over this feature is available via the respective application’s Group Policy Administrative Templates for Office 2013.

The functionality is meant to work in Office 2013 exactly the same as in Office 2016, Microsoft says. Thus, organizations have the option to selectively scope macro use to a set of trusted workflows, while also being able to block users from enabling macros in scenarios that are considered high risk. Courtesy of a different and stricter notification, users will be able to more easily distinguish between high-risk situations and normal workflow.

The feature is meant to address the issue of risky macros in documents downloaded from websites or cloud storage services such as OneDrive, Google Drive, and Dropbox. Macros in documents received as attachments in emails from outside sources, as well as those opened from file-sharing services are also targeted.

Macros have recently reemerged as a popular malware distribution method after being nearly extinct for almost a decade, when Microsoft decided to turn them off by default in Office. Now, cybercriminals use various social engineering tactics to trick users into enabling macros in malicious documents.

Advertisement. Scroll to continue reading.

Researchers observed threat groups abusing macros to deliver malware, but this delivery method is mostly used to infect computers with ransomware or banking Trojans. Recently, researchers discovered that attackers create macro-enabled documents and then rename them by changing their extension, so that detection systems wouldn’t block their delivery.

Related: Microsoft Blocks Risky Macros in Office 2016

Related: Attackers Disguise Macro Malware by Renaming Files

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Endpoint Security

The Zero Day Dilemma

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Endpoint Security

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...